Key points for using Terraform together with Azure
(TerraformとAzureを組み合わせて使うときの勘所)
2018/06/14
@MoriyamaKyohei
Terraform x Azure: four points
1. Terraform x Azure x regions (locations)
2. Terraform x Azure x state
3. Terraform x Azure x credentials
4. Terraform x CI/CD tool x MSI x Azure
Q. Which Azure regions (locations) can I deploy a resource into?
A. Ask the Azure CLI:
$ az login
$ az account list-locations
Q. Where should the Terraform state live when the target is Azure?
A. In Azure Blob Storage, as remote state, configured in a remoteState.tf configuration file.
Terraform x State
Terraform keeps its "state" in terraform.tfstate, a local file by default, and builds its plans from it. From the documentation on state purpose:
> Terraform must store state about your
managed infrastructure and configuration.
This state is used by Terraform to map
real world resources to your
configuration, keep track of metadata,
and to improve performance for large
infrastructures.
>
> This state is stored by default in a
local file named "terraform.tfstate", but
it can also be stored remotely, which
works better in a team environment.
>
> Terraform uses this local state to
create plans and make changes to your
infrastructure. Prior to any operation,
Terraform does a refresh to update the
state with the real infrastructure.
>
> For more information on why Terraform
requires state and why Terraform cannot
function without state, please see the
page state purpose.
Source: HashiCorp Terraform Documentation
Terraform x State purpose
> The primary motivation people
have for using remote state
files is in an attempt to
improve using Terraform with
teams. State files can easily
result in conflicts when two
people modify infrastructure at
the same time.
>
> _Remote state_ is _the
recommended solution_ to this
problem. At the time of writing,
remote state works well but
there are still scenarios that
can result in state conflicts.
A priority for future versions
of Terraform is to improve this.
Use "Remote State" whenever more than one person or machine runs Terraform against the same infrastructure.
Source: HashiCorp Terraform Documentation
Creating the remote state store: Blob (Object) Storage
$ python --version && mkdir terraform-demo && cd terraform-demo && virtualenv env && source env/bin/activate && pip install azure-cli
$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code FYT6E7UGR to authenticate.   # -> browser login
$ az group create -n terraform-demo -l japaneast
$ az storage account create --name myterrastatestore --resource-group terraform-demo --location japaneast --sku Standard_RAGRS --encryption blob
$ az storage account keys list --account-name myterrastatestore --resource-group terraform-demo
$ az storage container create --name statestorecont --account-key 7p+SUZrcBuE2rUoUAT1RdvcarapOLlI1Qcl1LHAhWzYuz+Gv/w+Znwd7mcSqnITrgMN5NKc296ZfSWw1K21xwQ== --account-name myterrastatestore
Note: `keys list` prints both account keys, and whoever holds either one can read and rewrite every state file in the account. Treat that output as a secret (not something to paste into slides or tickets) and rotate the key after a demo with `az storage account keys renew`.
If creating the store from an interactive CLI is a problem for your OS/security policy, Terraform can create the same resources itself:
Creating the state store with Terraform (blob storage)
#-------------------------------------------------------
# Statement of Resource Group
#-------------------------------------------------------
resource "azurerm_resource_group" "terraform-blob" {
  name     = "terraform-state-blob"
  location = "Japan East"
}
#-------------------------------------------------------
# Creating storage blob / account and container
#-------------------------------------------------------
resource "azurerm_storage_account" "terraform-blob" {
  name                     = "decodeterraformblob"
  resource_group_name      = "${azurerm_resource_group.terraform-blob.name}"
  location                 = "${azurerm_resource_group.terraform-blob.location}"
  account_tier             = "Standard"
  account_replication_type = "RAGRS"
}
resource "azurerm_storage_container" "terraform-blob" {
  name                  = "terraformblobstatefile"
  resource_group_name   = "${azurerm_resource_group.terraform-blob.name}"
  storage_account_name  = "${azurerm_storage_account.terraform-blob.name}"
  container_access_type = "private"   # no anonymous read of state blobs
}
(This bootstrap configuration's own state is still local; only the configurations that point at the backend below are stored remotely.)
remoteState.tf
terraform {
  backend "azurerm" {
    storage_account_name = "myterrastatestore"
    container_name       = "statestorecont"
    key                  = "prod.terraform.tfstate"
    access_key           = "lo1EmEyuHAaRfBXkASHXONB431foHh0CwXE3p3qwR0KTZpmrQsAbMdAD54I7Lae801Om7v0VVH5PCqfVc0+GOA=="
  }
}
Caution: the key. A backend block is committed with the rest of the configuration, so a literal access_key here ends up in version control. Leave the attribute out and supply the key at init time with `terraform init -backend-config="access_key=..."` or through the ARM_ACCESS_KEY environment variable.
Q. I did az login, so why does terraform plan stop working after a while?
A. The auth token az login obtains has an expiry time (about an hour by default). For anything longer-lived, use RBAC with a service principal.
Terraform x Azure: how the provider authenticates
The Terraform Azure provider talks to Azure with the auth token the Azure CLI obtained at login. That token is cached in `$HOME/.azure/accessTokens.json`, and once it expires the provider's API calls fail until you log in again.
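A quick check for the situation above, as an added example (not the slides' own code): read the CLI token cache and report which entries have expired. It assumes the legacy cache layout, a JSON list whose entries carry an `expiresOn` local-time string of the form `YYYY-MM-DD HH:MM:SS.ffffff`; the field names are taken from that layout and the sample cache is constructed, not a real dump.

```python
"""Report which cached Azure CLI tokens have expired.

Added example; not part of the original slides. The Azure CLI of this era
keeps its tokens in $HOME/.azure/accessTokens.json, a JSON list whose entries
carry an "expiresOn" local-time string ("YYYY-MM-DD HH:MM:SS.ffffff"). The
field names and format are assumed from that cache; the sample below is
constructed and its token values are placeholders.
"""
import json
from datetime import datetime
from pathlib import Path
from typing import List, Optional

TOKEN_CACHE = Path.home() / ".azure" / "accessTokens.json"
EXPIRES_FMT = "%Y-%m-%d %H:%M:%S.%f"

# Constructed sample: one token already expired, one with 45 minutes left
# relative to SAMPLE_NOW.
SAMPLE_NOW = datetime(2018, 6, 14, 9, 0, 0)
SAMPLE_CACHE_JSON = json.dumps([
    {
        "tokenType": "Bearer",
        "resource": "https://management.core.windows.net/",
        "userId": "someone@example.com",
        "expiresOn": "2018-06-14 08:26:27.446466",
        "accessToken": "<redacted-sample>",
        "refreshToken": "<redacted-sample>",
    },
    {
        "tokenType": "Bearer",
        "resource": "https://management.core.windows.net/",
        "userId": "someone@example.com",
        "expiresOn": "2018-06-14 09:45:00.000000",
        "accessToken": "<redacted-sample>",
        "refreshToken": "<redacted-sample>",
    },
])


def load_cache_text(text: str) -> list:
    """Parse the cache file body; an empty file yields an empty list."""
    return json.loads(text) if text.strip() else []


def token_status(entries: list, now: Optional[datetime] = None) -> List[dict]:
    """For each entry return identity, resource, seconds left and an expired flag."""
    now = now or datetime.now()
    rows = []
    for entry in entries:
        raw = entry.get("expiresOn")
        if not raw:
            continue  # malformed or refresh-only entry: nothing to judge
        expires = datetime.strptime(raw, EXPIRES_FMT)
        left = int((expires - now).total_seconds())
        rows.append({
            "identity": entry.get("userId") or entry.get("servicePrincipalId") or "?",
            "resource": entry.get("resource", "?"),
            "seconds_left": left,
            "expired": left <= 0,
        })
    return rows


def main(path: Path = TOKEN_CACHE) -> int:
    """Print the status of the real cache; exit 1 if every token has expired."""
    entries = load_cache_text(path.read_text()) if path.exists() else []
    rows = token_status(entries)
    for r in rows:
        state = "EXPIRED" if r["expired"] else f"{r['seconds_left'] // 60} min left"
        print(f"{r['identity']:40} {r['resource']:40} {state}")
    if rows and all(r["expired"] for r in rows):
        print("all tokens expired: run `az login` (or switch to a service principal)")
        return 1
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it before a long `terraform apply`; a non-zero exit means the provider will fail partway through with an authentication error rather than up front.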
RBAC (Role-based Access Control)
Reference layout of an Azure subscription tree mapped onto an organisation (Azure / on-premises):
  Sectors (Sector 1, Sector 2, ...) > Regions (NA, SA) > Divisions (Mktg, Sales, ...) > Projects (Project 1, Project 2, ...)
  - Subscription: per Sector
  - Resource Group: per Project
  - Tags: Region, Division, Project
  - "Standard" VNet: per Division, in a separate resource group
  - Billing: tracked per Division
  - Subnet: on the "standard" VNet, assigned to each Project
  - Identity: users, groups and password sync from on-premises Active Directory to Azure Active Directory; ExpressRoute(s) to on-premises
Roles:
  - IT Director's Office: Owners of Subscriptions
  - Network Admins: VNet Contributors of "standard" VNet RGs
  - Infrastructure Admins and Support: Virtual Machine Contributors of Project RGs and "standard" VNet RGs
  - Project Team Roles: appropriate role on Project RGs
Azure CLI, RBAC and service principals: what az login does
az login is an OAuth flow between the Azure CLI and Azure AD; the CLI acts through a Microsoft-controlled web application (service principal):
  1. Login request from the CLI
  2. Azure AD returns a login (device) code
  3. The user opens the device-login page and enters the code
  4. Login code + user credentials are submitted in the browser
  5. Azure AD validates them
  6. An auth token is issued and cached in $HOME/.azure/accessTokens.json
  7. The CLI (and Terraform) use the cached auth token
Caution: the token has an expiry time.
RBAC: creating a service principal
$ # the password is valid for 1 year by default; change with the --years option
$ az ad sp create-for-rbac
AppId                                 DisplayName                    Name                                  Password                              Tenant
------------------------------------  -----------------------------  ------------------------------------  ------------------------------------  ------------------------------------
15ac61e0-35a0-4969-97c9-1309420aabae  azure-cli-2018-06-14-07-26-27  http://azure-cli-2018-06-14-07-26-27  8d3f937e-6818-48fd-b36a-93e8fa9709f8  72f988bf-86f1-41af-91ab-2d7cd011db47
$ # subscription ID
$ az account list
Name                       CloudName    SubscriptionId                                 State    IsDefault
-------------------------  -----------  ---------------------------------------------  -------  -----------
Visual Studio Enterprise   AzureCloud   2fasdfasd5a3-asdf65-4asdf-8bd9-d8asdfsdfdef8   Enabled
Microsoft Azure XXXX       AzureCloud   casdfasdf-s7fd1-46dd-87asfdsfasdff375          Enabled  True
$ # log in as the service principal
$ az login --service-principal -u http://azure-cli-2018-06-14-07-26-27 -p "8d3f937e-6818-48fd-b36a-93e8fa9709f8" --tenant "72f988bf-86f1-41af-91ab-2d7cd011db47"
Two cautions. Without --role and --scopes, create-for-rbac grants the new principal Contributor on the whole current subscription; narrow it with --scopes to the resource groups Terraform actually manages. And the Password column is the client secret: a secret that has appeared on a slide is burned, so reset it with `az ad sp credential reset` before reusing the principal.
Credentials in .tf files
[azureCred.tf]
variable "subscription_id" {}
variable "tenant_id" {}
variable "client_id" {}
variable "client_secret" {}
provider "azurerm" {
  subscription_id = "${var.subscription_id}"
  tenant_id       = "${var.tenant_id}"
  client_id       = "${var.client_id}"       # AppId    -> client_id
  client_secret   = "${var.client_secret}"   # Password -> client_secret
}
[terraform.tfvars]
subscription_id = "xxxxxxxxx-xxxxxxxxxx-sdfasdfasf375"
tenant_id       = "asdfasdfasdf-asdf-asdf-asdfasdfasdfasdf"
client_id       = "15ac61e0-35a0-4969-97c9-1309420aabae"
client_secret   = "8d3f937e-6818-48fd-b36a-93e8fa9709f8"
terraform.tfvars is read automatically and now holds the client secret, so keep it out of version control; or drop the file altogether and let the azurerm provider read ARM_SUBSCRIPTION_ID, ARM_TENANT_ID, ARM_CLIENT_ID and ARM_CLIENT_SECRET from the environment.
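An added example (not from the slides and not Terraform's own tooling) that catches both of the literals this deck shows inline, the backend `access_key` in remoteState.tf and the `client_secret` in terraform.tfvars, before they reach a commit. The three sample documents are constructed to mirror those slides and the key value is a placeholder of the right shape; the list of sensitive attribute names and the 88-character base64 shape of a storage account key are the only assumptions.

```python
"""Scan Terraform files for hard-coded Azure credentials before they are committed.

Added example; not from the slides or from Terraform itself. It flags a literal
assigned to a sensitive HCL attribute (access_key, client_secret, ...) and,
independently, any string literal shaped like an Azure storage account key.
The sample documents below are constructed; the key value is a placeholder.
"""
import re
import sys
from typing import List, Tuple

# HCL attributes that must never carry a literal in a committed file.
SENSITIVE_KEYS = {"access_key", "client_secret", "password", "sas_token",
                  "client_certificate_password"}

# key = "value"  (straight or curly quotes; slide decks love to introduce the latter)
ASSIGN_RE = re.compile(
    r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]')
# Azure storage account keys are 64 random bytes, base64-encoded: 86 chars + "==".
STORAGE_KEY_RE = re.compile(r'^[A-Za-z0-9+/]{86}==$')
# Interpolations and references are fine: the secret lives somewhere else.
REFERENCE_RE = re.compile(r'^(\$\{.*\}|var\.|local\.|data\.|module\.)')

Finding = Tuple[str, int, str, str]  # (file, line, attribute, reason)


def scan_hcl(text: str, filename: str = "<string>") -> List[Finding]:
    """Return one finding per line that assigns a literal secret."""
    findings: List[Finding] = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = ASSIGN_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if not value or REFERENCE_RE.match(value):
            continue
        if key in SENSITIVE_KEYS:
            findings.append((filename, no, key, "literal on a sensitive attribute"))
        elif STORAGE_KEY_RE.match(value):
            findings.append((filename, no, key, "value shaped like a storage account key"))
    return findings


FAKE_STORAGE_KEY = ("0123456789abcdef" * 6)[:86] + "=="  # constructed, 88 chars

REMOTE_STATE_TF = f'''terraform {{
  backend "azurerm" {{
    storage_account_name = "myterrastatestore"
    container_name       = "statestorecont"
    key                  = "prod.terraform.tfstate"
    access_key           = "{FAKE_STORAGE_KEY}"
  }}
}}
'''

TFVARS = '''subscription_id = "00000000-0000-0000-0000-000000000000"
tenant_id       = "00000000-0000-0000-0000-000000000000"
client_id       = "00000000-0000-0000-0000-000000000000"
client_secret   = "00000000-0000-0000-0000-000000000000"
'''

# The safe shape: the backend block names no key and the provider block only
# references variables; values arrive via ARM_ACCESS_KEY / ARM_CLIENT_SECRET.
SAFE_TF = '''terraform {
  backend "azurerm" {
    storage_account_name = "myterrastatestore"
    container_name       = "statestorecont"
    key                  = "prod.terraform.tfstate"
  }
}
provider "azurerm" {
  client_secret = "${var.client_secret}"
}
'''


def main(paths: List[str]) -> int:
    """Scan the given files; a non-zero exit blocks the commit in a pre-commit hook."""
    findings: List[Finding] = []
    for p in paths:
        with open(p, encoding="utf-8") as fh:
            findings.extend(scan_hcl(fh.read(), p))
    for f in findings:
        print(f"{f[0]}:{f[1]}: {f[2]}: {f[3]}")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(main(sys.argv[1:]))
```

Wire `main` into a pre-commit hook over `*.tf` and `*.tfvars`. The shape check is deliberately separate from the attribute-name check so a storage key smuggled in under an innocuous name (`my_value = "..."`) is still caught.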
Q. terraform plan from a CI/CD tool: who runs az login, and where does the token come from?
A. Let Azure hand the token out.
[Problem] To authenticate against Azure AD, the pipeline needs an auth token or a service principal secret, and that token or secret has to be stored somewhere the pipeline can read it: in code, in configuration, or in the CI tool.
[Solution] Azure MSI (Managed Service Identity): the VM running Terraform obtains its token from Azure itself, and no credential is stored anywhere.
Managed Service Identity
Tenant / Subscription
  Resource Group A: [Management VM] with an MSI, running Terraform and the Azure CLI
  Resource Group B: the VMs and other resources Terraform manages
  Azure Active Directory: issues the token for the VM's identity
Flow on the Management VM (Resource Group A):
  $ az login --identity                        # token fetched from the MSI endpoint; no secret involved
  $ terraform init / plan / apply / destroy    # against the VMs in Resource Group B
Getting a VM with MSI:
  -> The Marketplace "Terraform" VM image ships with Terraform, the Azure CLI and the MSI VM extension already set up. Deploy it, then assign its identity the RBAC role it needs on the target resource group.
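The exchange behind `az login --identity` on that VM, as an added example (not the slides' code). It assumes the current instance metadata identity endpoint (169.254.169.254, api-version 2018-02-01) rather than the localhost:50342 endpoint served by the 2018 MSI VM extension the slide mentions; the token response is constructed, and the one network call is isolated so everything else runs offline.

```python
"""Fetch a token from the Managed Service Identity endpoint, as `az login --identity` does.

Added example; not the slides' code. The request is a GET to the instance
metadata identity endpoint with the `Metadata: true` header. That header is
what keeps a browser-driven SSRF from reaching the endpoint: browsers will not
attach custom headers to a simple cross-origin request. The sample response
below is constructed.
"""
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone
from typing import Dict, Optional

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"
ARM_RESOURCE = "https://management.azure.com/"  # audience for Azure Resource Manager


def build_token_request(resource: str = ARM_RESOURCE,
                        client_id: Optional[str] = None) -> urllib.request.Request:
    """GET .../oauth2/token?api-version=...&resource=... with the Metadata header."""
    params = {"api-version": API_VERSION, "resource": resource}
    if client_id:  # select a user-assigned identity; omit for the system-assigned one
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    return urllib.request.Request(url, headers={"Metadata": "true"})


def parse_token_response(body: str) -> Dict[str, object]:
    """Validate the JSON token response and convert expires_on (epoch string) to UTC."""
    data = json.loads(body)
    missing = [k for k in ("access_token", "expires_on", "resource", "token_type")
               if k not in data]
    if missing:
        raise ValueError(f"token response missing {missing}")
    if data["token_type"] != "Bearer":
        raise ValueError(f"unexpected token_type {data['token_type']!r}")
    return {
        "access_token": data["access_token"],
        "resource": data["resource"],
        "token_type": data["token_type"],
        "expires_on": datetime.fromtimestamp(int(data["expires_on"]), tz=timezone.utc),
    }


def seconds_remaining(token: Dict[str, object], now: Optional[datetime] = None) -> int:
    """Seconds until the token expires (negative once it has)."""
    now = now or datetime.now(timezone.utc)
    return int((token["expires_on"] - now).total_seconds())


def fetch_token(resource: str = ARM_RESOURCE) -> Dict[str, object]:
    """Only works on an Azure VM with an identity; 169.254.169.254 is link-local."""
    with urllib.request.urlopen(build_token_request(resource), timeout=5) as resp:
        return parse_token_response(resp.read().decode("utf-8"))


# Constructed response: token issued 2018-06-14 08:00Z, valid for one hour.
SAMPLE_NOW = datetime(2018, 6, 14, 8, 0, tzinfo=timezone.utc)
SAMPLE_RESPONSE = json.dumps({
    "access_token": "<constructed-jwt-placeholder>",
    "client_id": "00000000-0000-0000-0000-000000000000",
    "expires_in": "3599",
    "expires_on": "1528966800",
    "ext_expires_in": "3599",
    "not_before": "1528963200",
    "resource": ARM_RESOURCE,
    "token_type": "Bearer",
})

if __name__ == "__main__":
    tok = fetch_token()
    print(f"token for {tok['resource']} expires in {seconds_remaining(tok)} s")
```

Nothing in this flow is a stored secret: the VM's identity is the credential, and the token is short-lived, which is the whole point of the MSI slide. The azurerm provider can also take this path itself with `use_msi = true` instead of going through the CLI's cached token.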
Things to keep an eye on:
  - the state blob
  - MSI
  - Terraform
  ...
MSI across environments
  Management RG (Terraform + MSI) -> Staging RG, Production RG
Test and Staging Phase: Maven Build and App Test -> Staging Deploy -> E2E Test
Go to Production Phase: Production Deploy
Let’s try AKS with Terraform!!
Terraform x Azure: information as of 2018/06/14.